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Abstract — Transportation safety, one of the main driving 
forces of the development of vehicular communication (VC) 
systems, relies on high-rate safety messaging (beaconing). At 
the same time, there is consensus among authorities, industry, 
and academia on the need to secure VC systems. With specific 
proposals in the literature, a critical question must be answered: 
can secure VC systems be practical and satisfy the requirements 
of safety applications, in spite of the significant communication 
and processing overhead and other restrictions security and 
privacy-enhancing mechanisms impose? To answer this question, 
we investigate in this paper the following three dimensions for 
secure and privacy-enhancing VC schemes: the reliability of 
communication, the processing overhead at each node, and the 
impact on a safety application. The results indicate that with the 
appropriate system design, including sufficiently high processing 
power, appfications enabled by secure VC can be in practice as 
effective as those enabled by unsecured VC. 

I. Introduction 

Vehicular communication (VC) systems are developed as 
a means to enhance transportation safety and efficiency. Ve- 
hicles and road-side infrastructure units (RSUs) are equipped 
with on-board sensors, computers, and wireless transceivers. 
Vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) 
communication enable primarily safety applications. Many 
research and development projects, including the Car-to-Car 
Communication Consortium in Europe and the US Department 
of Transportation VII initiative, converge towards a design 
with vehicles frequently beaconing their position along with 
warnings on their condition or the environment. Typical bea- 
coning periods considered are in the order of one beacon per 
100 milliseconds per vehicle. 

At the same time, it has been understood that VC systems 
are vulnerable to attacks and that the privacy of their users is 
at stake. For example, an attacker could inject messages with 
false information, or collect vehicle messages to track their 
locations and infer sensitive user data. As a result, the research 
community in industry and academia, with the endorsement 
of authorities, has undertaken three major efforts to design 
security and privacy enhancing solutions for VC: the NoW 
project [8], the IEEE 1609.2 working group [9], and the 
SeVeCom project [11]. 

A few basic ideas transcend all these efforts to develop VC 
security architectures. They all build on top of a currently 



well-understood vehicular communication protocol stack that 
includes safety beaconing. Moreover, they all utilize a Certifi- 
cation Authority (CA) and public key cryptography to protect 
V2V and V2I messages. Their primary requirements are 
message authentication, integrity, and non-repudiation, as well 
as protection of private user information. To address those 
apparently contradictory goals, they all rely on the concept of 
pseudonymity or pseudonymous authentication [8], [9], [11]: 
they require that (i) each vehicle (node) is equipped with 
multiple certified public keys (pseudonyms) that do not reveal 
the node identity, and (ii) the vehicle uses them alternately, 
each for a short period of time, so that messages signed under 
different pseudonyms cannot be Unked. 

It is becoming clear that the security overhead of such 
systems will be significant; for example, each safety beacon 
has to be signed, and each vehicle has to validate every 100 
milliseconds beacons from several dozens of vehicles within 
range. Which, not to forget, may essentially change their 
identity (pseudonym) at any point in time, thus making it 
harder for their neighboring vehicles to validate their signed 
beacons. 

The immediate question, for designers and users of vehic- 
ular communication systems alike, arises: What is the effect 
of security and notably these broadly accepted pseudonym- 
based mechanisms on safety applications? In plain terms, 
can, for example, vehicle collisions still be avoided when an 
emergency braking situation arises? 

There has been a timid approach to answer this question in 
our earlier work [5], whose main contribution was the sim- 
plification of key (pseudonym) management while satisfying 
privacy and security requirements. But, in terms of evaluating 
the impact of security on the VC system effectiveness, we 
analyzed only a simple transportation scenario: the distance 
at which a fast-approaching vehicle receives an emergency 
braking signal from a vehicle ahead. 

In this paper, we extend the work in [5] to investigate the 
impact of security on transportation safety. First, we consider 
more realistic and complex scenarios, in particular, a platoon 
of one hundred cars. We develop a simulation environment 
and provide an evaluation that takes into consideration factors 
critical for vehicle safety. Primarily, the probability of (safety) 



message reception, especially as the channel load may change, 
and the processing load. We study the impact of an emergency 
situation throughout the platoon: we measure the occurrences 
of vehicle collisions for different environments and different 
security and privacy protection schemes, and compare against 
the effectiveness of a basic "no security" safety beaconing 
scheme. We emphasize that our objective here is not to propose 
new security and privacy enhancing schemes. Rather, we 
evaluate the state-of-the-art approaches and seek to identify 
if and how they can be practical, satisfying the requirements 
of safety applications. 

In the rest of the paper. Sec. |ll] outlines the secure commu- 
nication schemes we consider in our evaluation. We present 
the simulation setup for our analysis in Sec. |III1 Our results, 
for each of the considered schemes, follow, on three fronts: (i) 
the reliability of communication (Sec. llVb . (ii) the processing 
load at each node (Sec. [V]), and (iii) the overall impact on the 
transportation safety, expressed as the proportion of collided 
vehicles, under various conditions (Sec. IVII ). Even under 
high-stress network scenarios, our findings are encouraging: 
with appropriate system design, the achieved safety levels for 
secure and privacy-enhancing VC systems can be practically 
indistinguishable from those achieved without security. 

II. Secure and Privacy-Enhancing Vehicular 
Communication 

A. Baseline Pseudonyms (BP) 

Following the notation in [5], each vehicle (node) V has 
a set of pseudonyms, i.e., public keys certified by the CA 
without any information that identifies V. If Ky is V's i- 
th pseudonym, the certificate CertcAiKy) is simply the 
CA signature on Ky. The node uses the private key ky 
corresponding to the pseudonym Ky to sign messages. The 
signer's pseudonym and certificate are attached in each mes- 
sage, with (Tf^i (to) the signature on message to under Ky. 
Each pseudonym is used at most for a period of r seconds and 
it is then discarded. When a signed message is received, nodes 
vahdate, with the public key of the CA, CertcA{Ky), and 
then <T/ji (m). These signatures are commonly understood to 
be generated with the help of an Elliptic Curve cryptosystem, 
such one of the EC-DSA schemes standardized in [2]. 

B. Hybrid Scheme 

The Hybrid scheme, proposed in [5], is essentially a 
pseudonymous authentication scheme that enables nodes to 
generate their own certified pseudonyms. The only aspect of 
BP that Hybrid changes is the computation of pseudonym and 
its certificate and, consequently, their validation. To maintain 
the degree of privacy protection pseudonymous authentication 
provides, nodes utilize a group signature (GS) scheme [4] to 
generate their own certificates. 

In brief, a GS scheme requires that each node V is equipped 
with a secret group signing key gsky and that it belongs to a 
group G, with members all vehicles registered with the CA. 
A group signature ScA.v generated by a group member can 
be validated with the use of the group public key gpkcA- The 



essence of a GS scheme is that any V can sign a message on 
behalf of the group, but the identity of V is never revealed 
to any signature verifier and no two signatures of a legitimate 
group member can be linked. 

The GS scheme allows each node in G to first generate 
its own set of pseudonyms {i^y} (and their corresponding 
private keys ky) for a "classic" cryptosystem such as EC- 
DSA. Then, V generates a group signature 'ScAyO on each 
pseudonym Ky. What V does is to "self-certify" Ky by 
producing Cert^j^{Ky); H denotes the hybrid scheme, to 
differentiate this from the certificate of the BP approach, and 
CA indicates that the certificate was generated by a legitimate 
node registered with the CA (the group G). 

When a Hybrid-signed message is received, the group 
signature YjcA,v{Ky) is first validated. According to the GS 
scheme properties, the verifier of the certificate cannot identify 
V and cannot link this certificate and pseudonym to any prior 
pseudonym used by V . Once the certificate is validated, the 
"classic" signature cr^i (m) identical to that of the BP scheme 
is validated. For furtK er details, omitted here due to space 
limitations, we refer to [5] and references within. 

C. Optimizations 

We consider the three optimizations devised in [5], but 
when applicable (for Optimizations 2 and 3 and Optimization 
1 at the verifier's side) we do so for any pseudonymous 
authentication scheme, rather than the Hybrid scheme only. 
When the optimizations are applicable for both the BP and 
Hybrid schemes, we simplify the notation for the certificates 
to Cert{Ky), not distinguishing which method is used for the 
certificate generation. 

Optimization 1: At the sender side, the certificate 
Cert^j^{Ky) for a pseudonym Ky is computed only once, as 
CertQ^{Ky) remains unchanged throughout the pseudonym 
lifetime r. Similarly, at the verifier, Cert{Ky) is validated 
(and stored) only when it is first received, although the 
same signer will append it to multiple subsequent messages. 
Optimization 1 is effective as the beaconing rate 7 is such 
that T >> 7"^. 

Optimization 2: The sender appends its signature 
(jf.i (m) to all messages, but it appends it along with the cor- 
responding Ky, Cert{Ky) once every a messages (beacons). 
We denote such a message as LONG. For the remaining 
a ~ 1 messages, V appends only ctj,; (to) to the message 
payload. We denote such messages as SHORT. We term 
a the Certificate Period. Once a new pseudonym must be 
used (e.g., upon expiration of the one currently in use by V), 
af.,+i{m),Kl^^,Gert{Kl^'^) is transmitted. 

Optimization 3: As Optimization 2 can harm the protocol 
robustness^ the transmission of K^^'^ ,Gert{Kl^^) can be 
repeated for f3 consecutive messages after the pseudonym 
change, with /3 termed the Push Period. 

'if the message with , Cert(K^^) is lost due to wireless channel 

impairments, nodes in range of V will be able to validate any signed safety 
messages only a (or more) messages after the lost pseudonym/certifcate 
transmission. 
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III. Simulation Setup 

Our simulator, custom-built in C and partly relying on ns- 
2, implements the Dedicated Short Range Communications 
(DSRC) data link [1], with vehicles transmitting beacons on 
a common channel at a rate 7 = 10 beacons/sec, a value 
considered mandatory for safety applications. Vehicles include 
their direction and location but are not further concerned with 
the content of messages m whose payload is set to 200 bytes. 
Table provides the cryptographic communication overhead 
per message. We implement the physical layer and a realistic 
radio propagation model [10], as in [6], [12], with an intended 
(nominal) transmission range of d = 200 meters [1], [13]. 

We simulate scenarios of four- and eight-lane highways]! 
with vehicles moving in two opposing two- and four-lane 
flows. Along each lane, vehicles are randomly placed with an 
average spacing of s meters between two vehicles, and their 
velocity is randomly drawn with an average v. The average 
spacing value is one vehicle every s = 20 meters per lane, 
and the average vehicle velocity is 1; = 80km /h. Vehicles 
process messages from vehicles with the same heading within 
a S > 0. We model wet road conditions by setting the vehicle 
braking capabilities to 4 m/ s^, which correspond to a friction 
coefficient fjLk — 0.41. 

We consider an "emergency braking alarm" application, 
with such messages transmitted independently of the beacon- 
ing pattern. We investigate how many vehicle collisions occur 
when safety messaging is used with and without security. We 
focus on a platoon of one hundred cars, denoted as Vi to 
Vioo, along a single lane, with Vi at the head and Vioo at 
the queue of the platoon. The leading vehicle Vi makes an 
emergency brake and starts sending warning messages. Once 
some Vi, with i > 1 receives the warning, it warns its driver 
and starts sending warnings itself. As proposed in [3], [7], 
[14], when Vi receives a warning from a Vj with j > i, it 
stops transmitting warnings. This approach assumes that at 
least one vehicle behind Vi has already been warned, thus 
Vj is in a better position to keep warning Vk, for k > j. 
We assume that all braking actions here are (and reported as) 
emergency braking. 

Braking has two effects: (i) it turns on the vehicle rear 
red lights that warn visually vehicles within range (and line) 
of sight (expressed in meters, depending on the simulated 
weather conditions), and (ii) it triggers the transmission of own 
warning messages. Besides warning other vehicles, a warned 
Vi clearly warns its driver who starts braking shortly after. 
Driver reactions, modeled as a random reaction delay between 
0.75 and 1.5 seconds, are triggered by both VC-enabled and 
visual (red light) warnings. 

These simulated conditions are particularly challenging, 
with high vehicle density and average velocities that are 
high for the given average vehicle spacing. High vehicle 
density results in high network load, especially given the high 
beaconing rates, and thus increased packet loss rates. We do 

^We also conducted experiments with a six-lane highway omitted here due 
to space limitations. 



not consider any optimization to reduce processing overhead 
(e.g., based on the message content or by having vehicles 
adapt their beaconing rates), beyond considering messages 
from vehicles with the same heading. This is reasonable for 
shoulder-separated highways, but it hard to achieve in an urban 
or rural setting. In the latter case, of course, it would be 
unrealistic to consider densities of, for example, an average 
160 vehicles within a vehicles's nominal range, which could 
be the case in an eight-lane highway with an average vehicle 
spacing per lane of 20 meters. Finally, we remark that we 
do not simulate lane-changing as a means to avoid collisions, 
but leave it as an item for future work. Depending on road 
conditions (e.g., in low vehicle density) lane changing may 
lead to fewer collisions, but it could have the same effect 
across all scenarios (with or without security). 

We choose pseudonym lifetime r = 60 sec. We consider 
the first 60 sec of the simulated time as a warm-up period, 
during which no emergency conditions arise. By the end of 
the warm up period, this allows for one pseudonym change 
and discovery of neighbors by validating their corresponding 
certificates. This is a realistic situation: at any point in time, 
thus when an emergency arises, vehicles have already discov- 
ered some of their neighbors and can immediately validate 
their warnings. The simulation concludes when all vehicles in 
the platoon are immobile;, as Vi does not resume any motion 
after its emergency braking. 

IV. Communication Overhead 

Our results are shown in Figs. [T] and |2] respectively: the 
y axis is the probability of successful reception of a packet, 
as a function of the distance between the packet sender and 
receiver (the x-axis). We emphasize that although the message 
processing load may be trimmed down, e.g., by using the node 
mobility dynamics, this is not the case for the channel load: 
any transmission 'contributes' interference and increases the 
likelihood of packet collisions. 

This is why the probability of message reception is overall 
lower in Fig. |2] than in Fig. [T] The increase from four to 
eight lanes essentially doubles vehicle density and network 
load. Looking at each plot individually, safety messaging with 
"No Security" achieves the highest reliability consistently as 
the distance changes. In contrast, the BP or Hybrid with 
a ~ 1 achieves the lowest reliability. This due to transmission 
overhead: "No Security" means a constant packet size of 200 
bytes, while each of the different a settings corresponds to 
different, higher per-packet overhead, as shown in Table |l] 
Thanks to Optimization 2, communication reliability improves 
as a increases, but more so for Hybrid whose certificates are 
larger. The average communication overhead due to cryptog- 
raphy is calculated in Table U for the Hybrid and BP schemes, 
as a function of a. "Pushing" the Optimization 2 beyond a 
certain point does not significantly improve reliability further. 

V. Processing Overhead 

We measure the number of packets that a given receiver, TZ, 
must process per time unit. The processing overhead depends 
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Fig. 1. Probability of Successful Packet Reception; Highway Scenario, 
Baseline Pseudonym scheme (BP), 8 lanes. 
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Fig. 2. Probability of Successful Packet Reception; Highway Scenario, 
Hybrid scheme, 8 lanes. 



on the rate of messaging received at TZ, and then the employed 
security scheme that specifies at what rate (in fact, how many 
or those received) must be processed. For simphcity, we 
consider as time unit one beacon period, i.e., 7^^ seconds, 
which we refer to as one slot. On-board hardware platforms 
that will be used for commercial deployment of vehicular 
communication systems are not known and neither is their 
expected processing power This is why we refrain from 
attempting to answer if TZ would be able to process all the 
messages it should. Instead, we measure the rate of messages 
TZ should process. 

Then, only as a reference, we consider platforms with capa- 
bilities close to those used as reference in [5]. We summarize 
the per-message costs in Table HIl and the resultant maximum 



number of messages that could then be processed in one slot 
in Table |lll] assuming all messages are of the same type and 
the node performs no other proessing. Only verifications are 
considered because they are dominant factor of cryptographic 
processing overhead. With n relevant senders within range, TZ 
would receive and process roughly n messages per slot, versus 
one signature generation. The security schemes in Sec. 
involve two types of messages, one carrying a signature only, 
termed the SHORT, and one carrying the signature and 
the pseudonym and the certificate of the signer, termed the 
LONG message. One LONG message is transmitted every 
a SHORT messages, and /3 consecutive LONG messages 
are transmitted upon a pseudonym change. 

Considering that these are all safety messages, TZ must in 
principle process all of them. Those are, as explained above, 
roughly the messages originating from the n vehicles traveling 
in the same direction as TZ. This arrival rate of messages at TZ 
depends on the number of relevant neighbors n, at any given 
time t, the message generation rate 7, the type of messages 
generated, and the radio propagation. 

The node is able to process all the messages received 
within the slot, as the safety application mandates, if the total 
processing time is less than the slot duration: if X!r=o ^« ^ 
7~^, where U is the time needed to process the i-th message. 
The rate p, at which messages should be processed by TZ should 
basically equal that of relevant arriving messages, minus some 
messages that the Optimizations allow avoiding to process. Not 
all received LONG messages from a given sender Vi must 
be processed; the first one for each Vi suffices to validate 
the pseudonym in use. Conversely, SHORT messages from 





Packets per beacon period (slot) of 7 ^ sec 


BP LONG 
Hybrid LONG 
SHORT 


13.9 
1.9 
33.3 



TABLE III 

Maximum number of packets per time slot that can be verified. 
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LONG 


SHORT 




Received 


Processed 


Received 


Processed 








MP 


crp 


MH 


o-R 


MP 


crp 


1 


22.73 


2.69 


0.07 


0.27 


0.00 


0.00 


0.00 


0.00 


5 


5.40 


1.52 


0.07 


0.26 


20.46 


2.40 


20.44 


2.40 


10 


2.94 


1.32 


0.07 


0.26 


23.56 


2.55 


23.54 


2.57 


15 


2.06 


1.37 


0.07 


0.25 


24.66 


2.61 


24.66 


2.61 


30 


1.16 


1.10 


0.07 


0.25 


25.77 


2.60 


25.77 


2.60 


50 


0.83 


0.87 


0.07 


0.26 


26.07 


2.72 


26.03 


2.72 



TABLE IV 



Packet reception and processing statistics for a scenario of 4 
lanes of vehicles and optimization 3 in use - measured results 
FOR Hybrid. 
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LONG 


SHORT 




Received 


Processed 


Received 


Processed 




Mil 




MP 


up 


fJ.R 


CR 


MP 


crp 


1 


25.67 


3.30 


0.14 


0.37 


0.00 


0.00 


0.00 


0.00 


5 


7.52 


2.69 


0.13 


0.34 


28.63 


3.97 


28.56 


3.97 


10 


4.24 


1.95 


0.13 


0.36 


33.70 


3.74 


33.56 


3.71 


15 


2.97 


1.32 


0.13 


0.36 


35.36 


3.74 


34.99 


3.72 


30 


1.68 


1.23 


0.14 


0.35 


37.62 


3.80 


37.33 


3.74 


50 


1.20 


1.06 


0.13 


0.36 


38.37 


4.15 


37.87 


4.06 



TABLE V 



Packet reception and processing statistics for a scenario of 8 
lanes of vehicles and optimization 3 in use - measured results 
FOR Hybrid. 



a non-yet-validated Vi do not have to be processed. 

We perform a series of simulations for the Hybrid scheme 
for which the packet reception probability was determined 
in Sec. HV] We performed the same experiments for the BP 
scheme, but we omit those results due to space limitations and 
because the difference between LONG and SHORT packets 
are more pronounced for the Hybrid. Table |IV] provides the 
results for a scenario with four lanes of traffic and 80 vehicles 
on the average, with the messages originating from roughly 
40 of them being of interest to TZ. Table |V] corresponds to 
the case of 8 lanes of traffic and 160 vehicles on the average 
within range of TZ (similarly, with approximately 80 of them 
generating messages that would be processed by TZ). The 
measured numbers in both tables, obtained when (3 — b 
for both settings, are the means and standard deviations of 
received packets per slot, jin and an respectively, and the 
means and standard deviations of processed packets per slot, 
jip and fTp respectively. The results are shown in these tables 
for SHORT and LONG packets separately, as a function of 
a. 

Note that since there is no specific processing power for TZ, 
the measured statistics for processed messages are both the 
values for the rates that would need to (and are then trivially 
in this case) achieved by TZ. For a — \, all traffic is composed 
solely of LONG packets, but clearly this is not an advisable 
setting neither for the BP nor the Hybrid scheme, as the results 
in Sees. IIVI and IVII show. As a side-note, given the processing 
capabilities in Table |III1 we can deduce that a GS scheme 
[5] would not be workable for the considered platform, as all 
received LONG messages (in fact, at a somewhat higher rate 
than that measured in our tables here, as a GS alone results 
in lower overhead) would need to be processed at TZ. 

Returning to the Hybrid scheme, only one LONG message 
per r, the pseudonym lifetime, and per vehicle (sender) must 
be processedll This overhead can be easily undertaken, as 
validation of processed LONG messages (e.g., 0.14 per slot) 
would require approximately 8% of the processing resources 
reported in Table Hill The high cost for a single Hybrid LONG 
message is amortized. 

It is interesting however that the SHORT message pro- 

^The same is true for BP with Optimizations. 



cessing becomes a dominant load factor In Table IIVI jip 
could be supported by the considered platform, but it would 
consume 78% of its available power If we consider the highest 
measured mean plus three times the standard deviation, the 
resultant SHORT processed rate combined with a similar 
estimate of the worst-case LONG rate could not be sustained; 
there would be slots in which arrivals exceed TZ's processing 
capability. This is certainly so for the 8-lane scenario, as shown 
in Table [Vl only SHORT messages exceed the 33.3 maxi- 
mum achievable processing rate (Table HIHi. These observations 
call for action on two fronts, (i) an increase of the processing 
power and (ii) the design of a set of optimizations in order to 
avoid processing all the packets arriving at TZ. 

VI. Transportation Safety 

We simulate the impact of safety messaging without se- 
curity, denoted as "No Security", versus that of the security 
protocols without Optimization 3, i.e., (3 — Q, and that of 
the protocols with Optimization 3 enabled with a /3 = 5. 
We assume that all vehicles can process all messages needed 
within a slot (with increased processing power, as explained 
in Sec. |V]i. Figs. |3] 2] plot the percentage of crashed platoon 
vehicles as a function of a. 

At first, we observe that safety messaging reduces crashes 
to around 10% of the platoon vehicles, while in the absence 
of vehicle communications, for exactly the same scenarios, 
80%-100% of the vehicles crash (not shown in the figures). 
Recall that the simulated scenarios are challenging (e.g., dense 
placement of fast-moving vehicles). "No Security" safety 
messaging (which reduces crashes up to 90% with respect to 
no V2V) achieves the lowest percentage of crashes and is used 
as a benchmark; a is not a relevant parameter and curves in 
Figs. [3] S are flat with minor variability due to the randomly 
seeded simulations. 

"No Security" safety messaging is the most effective due to 
the lowest network overhead and no restrictions on which alert 
message can be validated. In contrast, the tuning of the secure 
VC protocols affects the effectiveness of the safety application. 
In Figs. [3] m we observe at first fewer crashes as a increases, 
but then a slight increase in crashes for high a values. On the 
one hand, the increase of a reduces the channel load and thus 
increases the per-packet reception probability. On the other 
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hand, when a takes high values, the authentication delay for a 
receiver missing a LONG message increases: for example, for 
a = 50 the authentication delay after the loss of one LONG 
message is at least 5 seconds. 

Optimization 3 reduces crashes for a given a compared to 
the non-optimized protocol {(3 — 0), adding low overhead but 
also significantly reducing authentication delays and averting 
situations that would otherwise lead to crashes. Figs. |3] |4] 
show that /3 = 5 yields an improvement exactly for high 
a values. From a different point of view. Optimization 3 
brings the effectiveness of the application close to that of "No 
Security". Overall, the investigated safety application on top 
of the Hybrid, with appropriate tuning, is equally effective to 
that on top of the BP. 
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Fig. 3. Collisions in a Platoon of 100 Cars; 8-lane Highway Scenario, 
Baseline Pseudonym Scheme 



14.5 



13.5 




20 30 40 

Certificate period (msg) 



50 



60 



Fig. 4. Collisions in a Platoon of 100 Cars; 8-lane Highway Scenario, Hybrid 
Scheme 



VII. Conclusions 

We analyzed through simulations the cost and impact on 
transportation safety that security and privacy-enhancing tech- 
nologies in the literature have. We obtained packet reception 
probability curves for each security scheme, measured the rates 
of packets each node must process, and developed a simulation 
environment that adapts vehicle mobility according to received 
safety application messages to analyze the safety messaging 
and security impact on transportation safety. 

We found that current security protocols push on-board 
processors considered nowadays to their limits, or above them, 
calling for either a redesign of the VC protocols or increased 
on-board processing power If the latter is available, secure 
VC schemes can enable safety levels for an emergency braking 
application nearly identical to those achieved without security. 
Beyond these encouraging results, further analysis and charac- 
terization of the processing overhead at each node, along with 
investigations of alternative communication protocols, as well 
as field experimentation are needed as future work. 
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